PT-2025-43615 · WordPress · Ai Chatbot Free Models Plugin
Published
2025-10-24
·
Updated
2025-10-24
·
CVE-2025-11576
CVSS v3.1
4.3
Medium
| Vector | AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N |
Name of the Vulnerable Software and Affected Versions
AI Chatbot Free Models plugin for WordPress versions up to and including 1.6.5
Description
The AI Chatbot Free Models plugin for WordPress is susceptible to CSV Injection due to inadequate input sanitization within the
newcodebyte chatbot export messages function. This allows unauthenticated attackers to inject malicious code into exported CSV files. When a user downloads and opens these compromised files on a system with a vulnerable configuration, code execution can occur.Recommendations
Update the AI Chatbot Free Models plugin to a version newer than 1.6.5.
Fix
RCE
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Ai Chatbot Free Models Plugin